rysktkr2

Just uninstall all the stuff I installed here and were done?

Done. Good suggestion for HD.

From eset: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKER6FRM\zipinstall[1].exe a variant of Win32/InstallCore.ADD potentially unwanted application Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01 Ran by Administrator (administrator) on NB4SW (22-10-2015 11:18:16) Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2H0LBX Loaded Profiles: UpdatusUser & Administrator (Available Profiles: UpdatusUser & fnlyt_000 & Administrator) Platform: Windows 8 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Hewlett-Packard) C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dellog.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [DSKTOP1] => C:\Windows\system32\Desktop.scf [58 2013-06-19] () HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [WinTestCtrl] => C:\WinTest\WinTestCtrl\WinTestCtrl Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3518515903-1676577886-1794810530-1003\...\RunOnce: [RegAutoPlay] => C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CXBS.vbs - Shortcut.lnk [2013-06-01] ShortcutTarget: CXBS.vbs - Shortcut.lnk -> C:\WinTest\ZTE\CXBS.vbs (No File) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dellog.exe [2013-06-25] (Hewlett-Packard) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IPv6.cmd [2013-08-13] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-19] ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{224DF92B-DAE0-4A95-BA53-EB485861725C}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3518515903-1676577886-1794810530-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-3518515903-1676577886-1794810530-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKU\S-1-5-21-3518515903-1676577886-1794810530-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-3518515903-1676577886-1794810530-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-1003 -> DefaultScope {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL = SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-500 -> DefaultScope {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL = SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-500 -> {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL = FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.) S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed] R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation) R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-21] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-21] (Broadcom Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [116168 2013-05-17] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-16] () R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-22] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation) R3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2013-06-19] (Windows ® 2003 DDK 3790 provider) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-04-21] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-04-21] (Microsoft Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-10-22] () S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X] S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X] S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-22 11:14 - 2015-10-22 11:15 - 01700352 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2015-10-22 11:12 - 2015-10-22 11:12 - 00000378 _____ C:\Users\Administrator\Desktop\eset.txt 2015-10-22 10:30 - 2015-10-22 10:30 - 00000000 ____D C:\Program Files (x86)\ESET 2015-10-22 10:11 - 2015-10-22 10:11 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2015-10-22 10:07 - 2015-10-22 10:10 - 00000000 ____D C:\AdwCleaner 2015-10-22 10:06 - 2015-10-22 10:06 - 01691648 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe 2015-10-22 10:03 - 2015-10-22 10:03 - 00000817 _____ C:\Users\Administrator\Desktop\JRT.txt 2015-10-22 09:54 - 2015-10-22 09:54 - 01801288 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe 2015-10-21 15:19 - 2015-10-21 15:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Intel_Corporation 2015-10-21 15:16 - 2015-10-21 15:16 - 00000000 ____D C:\Windows\ERDNT 2015-10-21 15:12 - 2015-10-21 15:12 - 00791393 _____ (Lars Hederer ) C:\Users\Administrator\Desktop\erunt-setup.exe 2015-10-21 15:11 - 2015-10-21 15:11 - 00002202 _____ C:\Users\Administrator\Desktop\Rkill.txt 2015-10-21 15:10 - 2015-10-21 15:10 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe 2015-10-20 16:04 - 2015-10-20 16:04 - 00000000 ____D C:\Users\Administrator\Documents\New folder 2015-10-16 09:29 - 2015-10-16 09:29 - 00023595 _____ C:\Users\fnlyt_000\Desktop\Addition.txt 2015-10-16 09:28 - 2015-10-22 11:18 - 00000000 ____D C:\FRST 2015-10-16 09:28 - 2015-10-16 09:29 - 00016672 _____ C:\Users\fnlyt_000\Desktop\FRST.txt 2015-10-16 09:28 - 2015-10-16 09:28 - 02196480 _____ (Farbar) C:\Users\fnlyt_000\Desktop\FRST64.exe 2015-10-15 15:17 - 2015-10-15 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-10-04 17:20 - 2015-10-04 17:20 - 00000000 _____ C:\Users\fnlyt_000\Documents\college essay.a6lswv5.partial ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-22 11:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru 2015-10-22 10:12 - 2015-05-17 10:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-22 10:11 - 2013-06-19 19:44 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys 2015-10-22 10:11 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-22 10:10 - 2013-05-16 14:05 - 00072410 _____ C:\Windows\PFRO.log 2015-10-22 10:10 - 2012-07-26 13:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-10-22 08:35 - 2013-06-19 02:09 - 01961845 _____ C:\Windows\WindowsUpdate.log 2015-10-21 15:46 - 2015-05-17 10:38 - 00000688 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-10-21 15:46 - 2015-05-17 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-21 15:16 - 2012-07-26 15:59 - 00000000 ____D C:\Windows\CbsTemp 2015-10-05 09:50 - 2015-05-17 10:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-05 09:50 - 2015-05-17 10:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-05 09:50 - 2015-05-17 10:38 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-09-27 14:50 - 2015-09-15 20:06 - 00000470 _____ C:\Users\fnlyt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Apple - iTunes - Download iTunes - Thank You.website ==================== Files in the root of some directories ======= 2013-06-19 02:46 - 2013-06-19 02:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Wind ows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-21 15:29 Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01 Ran by Administrator (2015-10-22 11:18:45) Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N2H0LBX Windows 8 (X64) (2013-06-19 04:40:46) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3518515903-1676577886-1794810530-500 - Administrator - Enabled) => C:\Users\Administrator fnlyt_000 (S-1-5-21-3518515903-1676577886-1794810530-1004 - Limited - Enabled) => C:\Users\fnlyt_000 Guest (S-1-5-21-3518515903-1676577886-1794810530-501 - Limited - Disabled) UpdatusUser (S-1-5-21-3518515903-1676577886-1794810530-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.) HID Monitor (HKLM-x32\...\{7D00AB67-B37B-4CEF-9375-D8BE973AE7A6}) (Version: 1.1.5 - Acer Incorporated) Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel) Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel) Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0890D705-CEEC-4F0C-99AD-E72F0F0E9BBE} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {19E4B419-D554-41EA-93E4-4992F6C81E4C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated) Task: {2FF980FC-2022-4CCA-B9B7-B203BA53FAC4} - System32\Tasks\{495EEAC1-67F1-4069-B771-8C7EE02BE60E} => pcalua.exe -a "D:\Norton PartitionMagic 8.0\PMagicNT.exe" -d "D:\Norton PartitionMagic 8.0" Task: {5A09D1BE-190C-4CC2-8F50-8347DD339124} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe Task: {62F9A4FA-D98A-4DF3-8D94-A76363E2BC15} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-09] (Intel Corporation) Task: {B19DCC4B-EB66-4562-BA78-ED255F0FD8F7} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-09] (Intel Corporation) Task: {FD557DEB-E8F7-4F6E-97FB-A636D87EE1E1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-11] (Synaptics Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2013-04-15 15:45 - 2013-04-15 15:45 - 00182760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe 2013-04-15 15:45 - 2013-04-15 15:45 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll 2013-06-19 02:12 - 2013-03-20 15:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2013-03-09 03:19 - 2013-03-09 03:19 - 01013536 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtNetwork4.dll 2013-03-09 03:19 - 2013-03-09 03:19 - 02610464 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtCore4.dll 2013-03-09 03:19 - 2013-03-09 03:19 - 00028448 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\osEvents.dll 2013-03-09 03:18 - 2013-03-09 03:18 - 00328992 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\log4cplus.dll 2013-03-09 03:19 - 2013-03-09 03:19 - 00389408 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtXml4.dll 2013-03-09 03:19 - 2013-03-09 03:19 - 00407328 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\sqlite3.dll 2013-03-09 03:18 - 2013-03-09 03:18 - 00202528 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\libgsoap.dll 2013-03-09 03:20 - 2013-03-09 03:20 - 00069408 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\zlib1.dll 2013-03-09 03:20 - 2013-03-09 03:20 - 00473376 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\plugin\PServerPlugin.dll 2013-03-09 03:21 - 2013-03-09 03:21 - 14984992 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtWebKit4.dll 2013-03-09 03:19 - 2013-03-09 03:19 - 09231648 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\QtGui4.dll 2013-03-09 03:21 - 2013-03-09 03:21 - 00324896 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\phonon4.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3518515903-1676577886-1794810530-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\Desktop\Untitled.png DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{3187EA08-B9BC-473C-8953-EC8ABEBE63D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{EB68DA63-8855-4639-9C27-48DBCFBC94F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{3D703269-C242-40E0-A71B-748B3A7F66FB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{35AF40B5-1EF1-4C85-849C-7645E912E378}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{5EEE9C5D-3732-46F1-A71E-227EB93748B1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{5F24D352-04E7-4981-B3F4-053E3FC868B9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{8795846A-3DF9-423E-9D26-E507F5A0A603}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{829560A8-7C2A-4B81-8953-242FD58D8727}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{2B86C4AA-3100-4732-A7DF-34746E37A951}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{5E07CAE9-07B1-48AF-8530-0026D07E162F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{4C29B665-2030-4FBA-B203-F566324A0DF0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{15383A47-E224-4749-B374-4C0C3713488A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe FirewallRules: [{ACA89155-0F49-4E7F-BEA3-973BD1E2077C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{08AA8A8C-A7D6-4332-A19C-F8C498E7A9A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{D6123F31-2EA2-45A7-B277-63A1AC65A3BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{5B88DBCE-F7D9-4430-9CD9-A2216E9CD592}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{5A28CEB4-2B81-40C6-AC77-D855A71C7016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{2CD75320-0B71-4783-AD42-CFED0629A812}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{7F0C3DFA-501A-4522-80AE-3A705271ADE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{DDC5F95F-1C4A-40AC-8BB1-994035CB3B43}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{509DABA6-94EE-44FD-98E6-6F92E5299913}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{3E41EBE4-E53F-4157-9B24-F4A33AAF4E50}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{13BC626F-A3E3-4B35-8A4E-2E1D055EABB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{036308A9-3157-4E5D-8F38-AA29D79DBC35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{A9B24A98-5450-49D3-8192-955267B7814D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2015 10:30:35 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Error: (10/22/2015 10:11:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HeciServer.exe, version: 1.27.798.1, time stamp: 0x511b7d27 Faulting module name: HeciServer.exe, version: 1.27.798.1, time stamp: 0x511b7d27 Exception code: 0x40000015 Fault offset: 0x000000000005d549 Faulting process id: 0x784 Faulting application start time: 0xHeciServer.exe0 Faulting application path: HeciServer.exe1 Faulting module path: HeciServer.exe2 Report Id: HeciServer.exe3 Faulting package full name: HeciServer.exe4 Faulting package-relative application ID: HeciServer.exe5 Error: (10/22/2015 10:06:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (10/22/2015 10:03:00 AM) (Source: ISCTAgent) (EventID: 1000) (User: ) Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (10/22/2015 10:01:34 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Users\ADMINI~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x80070422). Error: (10/21/2015 03:30:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Error: (10/21/2015 03:29:55 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Error: (10/21/2015 03:21:16 PM) (Source: ESENT) (EventID: 104) (User: ) Description: wuaueng.dll (1004) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1092). Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.016, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000. Error: (10/21/2015 03:16:26 PM) (Source: ESENT) (EventID: 471) (User: ) Description: wuaueng.dll (1004) SUS20ClientDataStore: Unable to rollback operation #185179 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -529. All future database updates will be rejected. Error: (10/21/2015 03:16:26 PM) (Source: ESENT) (EventID: 492) (User: ) Description: wuaueng.dll (1004) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. System errors: ============= Error: (10/22/2015 10:32:20 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (10/22/2015 10:32:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (10/22/2015 10:32:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (10/22/2015 10:32:19 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (10/22/2015 10:32:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (10/22/2015 10:32:19 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (10/22/2015 10:11:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel® Capability Licensing Service Interface service failed to start due to the following error: %%1053 Error: (10/22/2015 10:11:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Capability Licensing Service Interface service to connect. Error: (10/22/2015 10:10:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (10/22/2015 10:10:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll CodeIntegrity: =================================== Date: 2013-06-21 09:40:15.907 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 09:25:59.980 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 09:24:37.373 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 09:23:32.763 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 09:17:56.787 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 09:16:03.483 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 07:08:27.765 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 07:05:56.502 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 07:01:09.178 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-20 16:44:39.955 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5-4200U CPU @ 1.60GHz Percentage of memory in use: 28% Total physical RAM: 7848.27 MB Available physical RAM: 5598.2 MB Total Virtual: 8360.27 MB Available Virtual: 6012.11 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:29 GB) (Free:1.11 GB) NTFS Drive d: (ESP) (Fixed) (Total:0.29 GB) (Free:0.19 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 9A789CDB) Partition: GPT. Could not read MBR for disk 1. ==================== End of Addition.txt ============================ ==================== End of FRST.txt ============================

Here are the logs. I might post across multiple post. I suspect all the logs in one post might be to much. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.4 (09.28.2015:1) OS: Windows 8 x64 Ran by Administrator on 2015-10-22 at 10:01:33.58 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\HIDMonitor ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 2015-10-22 at 10:03:35.79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v5.014 - Logfile created 22/10/2015 at 10:07:58 # Updated 18/10/2015 by Xplode # Database : 2015-10-18.5 [server] # Operating system : Windows 8 (x64) # Username : Administrator - NB4SW # Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe # Option : Scan # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} ***** [ Web browsers ] ***** ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [787 bytes] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2015-10-22 Scan Time: 10:13 AM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.21.07 Rootkit Database: v2015.10.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8 CPU: x64 File System: FAT32 User: Administrator Scan Type: Threat Scan Result: Completed Objects Scanned: 384070 Time Elapsed: 15 min, 8 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2015-10-21 Scan Time: 3:48 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.21.07 Rootkit Database: v2015.10.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8 CPU: x64 File System: FAT32 User: Administrator Scan Type: Threat Scan Result: Completed Objects Scanned: 382925 Time Elapsed: 14 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

I did run chkdsk /f per additional.txt but it didn't find anything.

My computer disk space keeps getting full no matter how many items I delete. Even if I don't save anything to the drive it will fill up again to full. I ran malware bytes but it didn't find anything. I also tried to run eset online scanner but it came back with an error "can not get update is proxy configured". I don't use a proxy. Note there was also plenty of hard disk space when I tried to run it. Please help. Pl Here are my logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-10-2015 01 Ran by fnlyt_000 (ATTENTION: The user is not administrator) on NB4SW (16-10-2015 09:28:43) Running from C:\Users\fnlyt_000\Desktop Loaded Profiles: UpdatusUser & fnlyt_000 & Administrator (Available Profiles: UpdatusUser & fnlyt_000 & Administrator) Platform: Windows 8 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> nvvsvc.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> wlanext.exe Failed to access process -> conhost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> ETDService.exe Failed to access process -> dasHost.exe Failed to access process -> EvtEng.exe Failed to access process -> ibtrksrv.exe Failed to access process -> iSCTAgent.exe Failed to access process -> LMSvc.exe Failed to access process -> RegSrvc.exe Failed to access process -> ZeroConfigService.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> SearchIndexer.exe Failed to access process -> devmonsrv.exe Failed to access process -> unsecapp.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> obexsrv.exe Failed to access process -> ePowerSvc.exe Failed to access process -> BTHSAmpPalService.exe Failed to access process -> BTHSSecurityMgr.exe Failed to access process -> IntelMeFWService.exe Failed to access process -> Jhi_service.exe Failed to access process -> LMS.exe Failed to access process -> daemonu.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> dwm.exe Failed to access process -> nvxdsync.exe Failed to access process -> nvvsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe Failed to access process -> ePowerEvent.exe Failed to access process -> unsecapp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\ismagent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\updateui.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe Failed to access process -> dllhost.exe Failed to access process -> taskhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [DSKTOP1] => C:\Windows\system32\Desktop.scf [58 2013-06-19] () HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [WinTestCtrl] => C:\WinTest\WinTestCtrl\WinTestCtrl Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-19] ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{224DF92B-DAE0-4A95-BA53-EB485861725C}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com URLSearchHook: [s-1-5-21-3518515903-1676577886-1794810530-1003] ATTENTION => Default URLSearchHook is missing URLSearchHook: [s-1-5-21-3518515903-1676577886-1794810530-500] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-1004 -> DefaultScope {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL = SearchScopes: HKU\S-1-5-21-3518515903-1676577886-1794810530-1004 -> {2C14B81C-93E8-462E-9C75-B31C7B2F4278} URL = FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation) FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.) S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed] R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation) R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2013-04-21] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2013-04-21] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-04-21] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-21] (Broadcom Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [116168 2013-05-17] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-16] () R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation) R3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2013-06-19] (Windows ® 2003 DDK 3790 provider) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-11] (Synaptics Incorporated) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35232 2013-04-21] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [230904 2013-04-21] (Microsoft Corporation) S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-09-29] () S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X] S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X] S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-16 09:28 - 2015-10-16 09:29 - 00012973 _____ C:\Users\fnlyt_000\Desktop\FRST.txt 2015-10-16 09:28 - 2015-10-16 09:28 - 02196480 _____ (Farbar) C:\Users\fnlyt_000\Desktop\FRST64.exe 2015-10-16 09:28 - 2015-10-16 09:28 - 00000000 ____D C:\FRST 2015-10-15 15:17 - 2015-10-15 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-10-04 17:20 - 2015-10-04 17:20 - 00000000 _____ C:\Users\fnlyt_000\Documents\college essay.a6lswv5.partial 2015-09-21 01:25 - 2015-09-21 01:25 - 00000000 _____ C:\Users\fnlyt_000\Documents\physics cage crash_docx.wqw6rct.partial 2015-09-21 01:22 - 2015-09-21 01:22 - 00000000 _____ C:\Users\fnlyt_000\Documents\physics cage crash.86wo89y.partial ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-16 08:40 - 2013-06-19 02:09 - 01528324 _____ C:\Windows\WindowsUpdate.log 2015-10-16 08:34 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru 2015-10-15 15:18 - 2015-05-17 10:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-15 15:17 - 2015-05-17 10:38 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-10-15 15:17 - 2015-05-17 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-15 14:06 - 2012-07-26 15:59 - 00000000 ____D C:\Windows\CbsTemp 2015-10-05 09:50 - 2015-05-17 10:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-05 09:50 - 2015-05-17 10:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-05 09:50 - 2015-05-17 10:38 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-04 15:03 - 2013-05-16 14:05 - 00070240 _____ C:\Windows\PFRO.log 2015-10-04 15:03 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-29 13:22 - 2013-06-19 19:44 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys 2015-09-27 14:50 - 2015-09-15 20:06 - 00000470 _____ C:\Users\fnlyt_000\AppData\Roaming\Microsoft\Windows\Start Menu\Apple - iTunes - Download iTunes - Thank You.website ==================== Files in the root of some directories ======= 2013-06-19 02:46 - 2013-06-19 02:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01 Ran by fnlyt_000 (2015-10-16 09:29:14) Running from C:\Users\fnlyt_000\Desktop Windows 8 (X64) (2013-06-19 04:40:46) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3518515903-1676577886-1794810530-500 - Administrator - Enabled) => C:\Users\Administrator fnlyt_000 (S-1-5-21-3518515903-1676577886-1794810530-1004 - Limited - Enabled) => C:\Users\fnlyt_000 Guest (S-1-5-21-3518515903-1676577886-1794810530-501 - Limited - Disabled) UpdatusUser (S-1-5-21-3518515903-1676577886-1794810530-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.) HID Monitor (HKLM-x32\...\{7D00AB67-B37B-4CEF-9375-D8BE973AE7A6}) (Version: 1.1.5 - Acer Incorporated) Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel) Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel) Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.34 - Synaptics Incorporated) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2013-06-19 03:10 - 2013-02-21 13:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2013-05-16 14:13 - 2013-04-02 12:42 - 00176024 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-08-24 05:02 - 2012-08-24 05:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3518515903-1676577886-1794810530-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{3187EA08-B9BC-473C-8953-EC8ABEBE63D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{EB68DA63-8855-4639-9C27-48DBCFBC94F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{3D703269-C242-40E0-A71B-748B3A7F66FB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{35AF40B5-1EF1-4C85-849C-7645E912E378}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{5EEE9C5D-3732-46F1-A71E-227EB93748B1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{5F24D352-04E7-4981-B3F4-053E3FC868B9}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{8795846A-3DF9-423E-9D26-E507F5A0A603}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{829560A8-7C2A-4B81-8953-242FD58D8727}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{2B86C4AA-3100-4732-A7DF-34746E37A951}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{5E07CAE9-07B1-48AF-8530-0026D07E162F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{4C29B665-2030-4FBA-B203-F566324A0DF0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{15383A47-E224-4749-B374-4C0C3713488A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe FirewallRules: [{ACA89155-0F49-4E7F-BEA3-973BD1E2077C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{08AA8A8C-A7D6-4332-A19C-F8C498E7A9A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{D6123F31-2EA2-45A7-B277-63A1AC65A3BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{5B88DBCE-F7D9-4430-9CD9-A2216E9CD592}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{5A28CEB4-2B81-40C6-AC77-D855A71C7016}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{2CD75320-0B71-4783-AD42-CFED0629A812}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{7F0C3DFA-501A-4522-80AE-3A705271ADE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{DDC5F95F-1C4A-40AC-8BB1-994035CB3B43}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{509DABA6-94EE-44FD-98E6-6F92E5299913}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{3E41EBE4-E53F-4157-9B24-F4A33AAF4E50}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{13BC626F-A3E3-4B35-8A4E-2E1D055EABB5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{036308A9-3157-4E5D-8F38-AA29D79DBC35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{A9B24A98-5450-49D3-8192-955267B7814D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 104) (User: ) Description: taskhostex (6496) WebCacheLocal: The database engine stopped the instance (0) with error (-510). Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.047, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000. Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 492) (User: ) Description: taskhostex (6496) WebCacheLocal: The logfile sequence in "C:\Users\fnlyt_000\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 413) (User: ) Description: taskhostex (6496) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529. Error: (10/16/2015 09:16:00 AM) (Source: ESENT) (EventID: 482) (User: ) Description: taskhostex (6496) WebCacheLocal: An attempt to write to the file "C:\Users\fnlyt_000\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" at offset 524288 (0x0000000000080000) for 0 (0x00000000) bytes failed after taskhostex0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup. Error: (10/16/2015 08:46:54 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DFB1C41216237EFEDC80EE0135CCD27BD22E5F43.bin.79 for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Antimalware Service Executable because of this error. Program: Antimalware Service Executable File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DFB1C41216237EFEDC80EE0135CCD27BD22E5F43.bin.79 The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000007F Disk type: 3 Error: (10/16/2015 08:46:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MsMpEng.exe, version: 4.2.223.0, time stamp: 0x51023a8b Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000006 Fault offset: 0x000000372cefa582 Faulting process id: 0x328 Faulting application start time: 0xMsMpEng.exe0 Faulting application path: MsMpEng.exe1 Faulting module path: MsMpEng.exe2 Report Id: MsMpEng.exe3 Faulting package full name: MsMpEng.exe4 Faulting package-relative application ID: MsMpEng.exe5 Error: (10/16/2015 08:46:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume Acer (C:) was not optimized because an error was encountered: The disk being optimized is full. (0x8900001F) Error: (10/16/2015 08:45:46 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Error: (10/16/2015 08:40:47 AM) (Source: ESENT) (EventID: 104) (User: ) Description: wuaueng.dll (1004) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1092). Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.015, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000. Error: (10/16/2015 08:37:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: 80004005 System errors: ============= Error: (10/16/2015 08:46:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s). Error: (10/15/2015 02:45:45 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (10/15/2015 02:45:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (10/15/2015 02:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (10/15/2015 02:45:44 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (10/15/2015 02:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (10/15/2015 02:45:44 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys Error: (10/15/2015 02:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/15/2015 02:20:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/15/2015 02:06:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2978121). CodeIntegrity: =================================== Date: 2013-06-21 09:40:15.907 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 09:25:59.980 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 09:24:37.373 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 09:23:32.763 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 09:17:56.787 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 09:16:03.483 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 07:08:27.765 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 07:05:56.502 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-21 07:01:09.178 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\Drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-20 16:44:39.955 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5-4200U CPU @ 1.60GHz Percentage of memory in use: 31% Total physical RAM: 7848.27 MB Available physical RAM: 5384.23 MB Total Virtual: 8360.27 MB Available Virtual: 5695.77 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:29 GB) (Free:0.04 GB) NTFS Drive d: (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32 ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================

My C: drive is SSD so I won't defrag it. Thanks for your help!!!

# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:55:41 # Updated 09/07/2015 by Xplode # Database : 2015-07-15.1 [server] # Operating system : Windows 7 Ultimate Service Pack 1 (x64) # Username : mark - MYPC # Running from : I:\dwld\adwcleaner_4.208.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v10.0.9200.17410 -\\ Mozilla Firefox v39.0 (x86 en-US) -\\ Google Chrome v43.0.2357.134 -\\ Comodo Dragon v -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [7058 bytes] - [18/01/2014 11:27:55] AdwCleaner[R10].txt - [2223 bytes] - [19/05/2014 07:16:09] AdwCleaner[R11].txt - [2344 bytes] - [20/05/2014 06:52:46] AdwCleaner[R12].txt - [3286 bytes] - [27/05/2014 08:53:13] AdwCleaner[R13].txt - [2532 bytes] - [04/06/2014 11:17:18] AdwCleaner[R14].txt - [3231 bytes] - [09/06/2014 10:33:58] AdwCleaner[R15].txt - [5152 bytes] - [16/09/2014 09:35:19] AdwCleaner[R16].txt - [2997 bytes] - [16/09/2014 09:42:34] AdwCleaner[R17].txt - [3975 bytes] - [01/07/2015 16:28:58] AdwCleaner[R18].txt - [2845 bytes] - [19/07/2015 09:51:20] AdwCleaner[R1].txt - [2012 bytes] - [13/02/2014 09:33:23] AdwCleaner[R2].txt - [3818 bytes] - [16/04/2014 10:47:47] AdwCleaner[R3].txt - [1433 bytes] - [16/04/2014 11:09:23] AdwCleaner[R4].txt - [4512 bytes] - [07/05/2014 09:34:16] AdwCleaner[R5].txt - [1673 bytes] - [07/05/2014 09:39:17] AdwCleaner[R6].txt - [1793 bytes] - [09/05/2014 07:31:26] AdwCleaner[R7].txt - [1855 bytes] - [13/05/2014 11:48:17] AdwCleaner[R8].txt - [1975 bytes] - [14/05/2014 09:07:45] AdwCleaner[R9].txt - [2095 bytes] - [16/05/2014 08:27:02] AdwCleaner[s0].txt - [7087 bytes] - [18/01/2014 11:31:52] AdwCleaner[s10].txt - [2406 bytes] - [20/05/2014 06:57:13] AdwCleaner[s11].txt - [3362 bytes] - [27/05/2014 08:53:52] AdwCleaner[s12].txt - [2596 bytes] - [04/06/2014 11:18:12] AdwCleaner[s13].txt - [3204 bytes] - [09/06/2014 10:40:40] AdwCleaner[s14].txt - [5274 bytes] - [16/09/2014 09:36:50] AdwCleaner[s15].txt - [4080 bytes] - [01/07/2015 16:31:04] AdwCleaner[s16].txt - [2238 bytes] - [19/07/2015 09:55:41] AdwCleaner[s1].txt - [2093 bytes] - [13/02/2014 10:11:36] AdwCleaner[s2].txt - [3528 bytes] - [16/04/2014 11:03:03] AdwCleaner[s3].txt - [1494 bytes] - [16/04/2014 11:10:32] AdwCleaner[s4].txt - [4492 bytes] - [07/05/2014 09:35:41] AdwCleaner[s5].txt - [1734 bytes] - [07/05/2014 09:40:04] AdwCleaner[s6].txt - [1916 bytes] - [13/05/2014 11:49:01] AdwCleaner[s7].txt - [2036 bytes] - [14/05/2014 09:11:13] AdwCleaner[s8].txt - [2156 bytes] - [16/05/2014 08:27:41] AdwCleaner[s9].txt - [2283 bytes] - [19/05/2014 07:16:54] ########## EOF - C:\AdwCleaner\AdwCleaner[s16].txt - [2829 bytes] ########## # AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:51:20 # Updated 09/07/2015 by Xplode # Database : 2015-07-15.1 [server] # Operating system : Windows 7 Ultimate Service Pack 1 (x64) # Username : mark - MYPC # Running from : I:\dwld\adwcleaner_4.208.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v10.0.9200.17410 -\\ Mozilla Firefox v39.0 (x86 en-US) -\\ Google Chrome v43.0.2357.134 -\\ Comodo Dragon v -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [7058 bytes] - [18/01/2014 11:27:55] AdwCleaner[R10].txt - [2223 bytes] - [19/05/2014 07:16:09] AdwCleaner[R11].txt - [2344 bytes] - [20/05/2014 06:52:46] AdwCleaner[R12].txt - [3286 bytes] - [27/05/2014 08:53:13] AdwCleaner[R13].txt - [2532 bytes] - [04/06/2014 11:17:18] AdwCleaner[R14].txt - [3231 bytes] - [09/06/2014 10:33:58] AdwCleaner[R15].txt - [5152 bytes] - [16/09/2014 09:35:19] AdwCleaner[R16].txt - [2997 bytes] - [16/09/2014 09:42:34] AdwCleaner[R17].txt - [3975 bytes] - [01/07/2015 16:28:58] AdwCleaner[R18].txt - [1224 bytes] - [19/07/2015 09:51:20] AdwCleaner[R1].txt - [2012 bytes] - [13/02/2014 09:33:23] AdwCleaner[R2].txt - [3818 bytes] - [16/04/2014 10:47:47] AdwCleaner[R3].txt - [1433 bytes] - [16/04/2014 11:09:23] AdwCleaner[R4].txt - [4512 bytes] - [07/05/2014 09:34:16] AdwCleaner[R5].txt - [1673 bytes] - [07/05/2014 09:39:17] AdwCleaner[R6].txt - [1793 bytes] - [09/05/2014 07:31:26] AdwCleaner[R7].txt - [1855 bytes] - [13/05/2014 11:48:17] AdwCleaner[R8].txt - [1975 bytes] - [14/05/2014 09:07:45] AdwCleaner[R9].txt - [2095 bytes] - [16/05/2014 08:27:02] AdwCleaner[s0].txt - [7087 bytes] - [18/01/2014 11:31:52] AdwCleaner[s10].txt - [2406 bytes] - [20/05/2014 06:57:13] AdwCleaner[s11].txt - [3362 bytes] - [27/05/2014 08:53:52] AdwCleaner[s12].txt - [2596 bytes] - [04/06/2014 11:18:12] AdwCleaner[s13].txt - [3204 bytes] - [09/06/2014 10:40:40] AdwCleaner[s14].txt - [5274 bytes] - [16/09/2014 09:36:50] AdwCleaner[s15].txt - [4080 bytes] - [01/07/2015 16:31:04] AdwCleaner[s1].txt - [2093 bytes] - [13/02/2014 10:11:36] AdwCleaner[s2].txt - [3528 bytes] - [16/04/2014 11:03:03] AdwCleaner[s3].txt - [1494 bytes] - [16/04/2014 11:10:32] AdwCleaner[s4].txt - [4492 bytes] - [07/05/2014 09:35:41] AdwCleaner[s5].txt - [1734 bytes] - [07/05/2014 09:40:04] AdwCleaner[s6].txt - [1916 bytes] - [13/05/2014 11:49:01] AdwCleaner[s7].txt - [2036 bytes] - [14/05/2014 09:11:13] AdwCleaner[s8].txt - [2156 bytes] - [16/05/2014 08:27:41] AdwCleaner[s9].txt - [2283 bytes] - [19/05/2014 07:16:54] ########## EOF - C:\AdwCleaner\AdwCleaner[R18].txt - [2765 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.1 (07.16.2015:1) OS: Windows 7 Ultimate x64 Ran by mark on Sun 07/19/2015 at 10:00:57.93 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\Synology Data Replicator 3-MYPC-mark Successfully deleted: [Task] C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\google Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\1641 Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\2122 Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\3602 Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\4000 Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\6293 ~~~ FireFox Emptied folder: C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\kyn1olxa.default-1424797121510\minidumps [2 files] ~~~ Chrome [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 07/19/2015 at 10:06:04.73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Results of screen317's Security Check version 1.005 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Microsoft Forefront Endpoint Protection (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 45 Adobe Flash Player 18.0.0.209 Mozilla Firefox (39.0) Google Chrome (43.0.2357.132) Google Chrome (43.0.2357.134) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by mark at 2015-07-17 02:58:25 Run:2 Running from C:\Users\mark\Desktop Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda) Boot Mode: Normal ============================================== fixlist content: ***************** C:\Program Files (x86)\DVDFab 9 C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC} C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC} C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe H:\dwld\FreeVideoCapture_CNET.exe H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll CloseProcesses: EmptyTemp: Reboot: ***************** C:\Program Files (x86)\DVDFab 9 => moved successfully. C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC} => moved successfully. "C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}" => File/Folder not found. C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo => moved successfully. C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi => moved successfully. C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp => moved successfully. C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo => moved successfully. C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi => moved successfully. C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp => moved successfully. E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe => moved successfully. H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => moved successfully. H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe => moved successfully. H:\dwld\FreeVideoCapture_CNET.exe => moved successfully. H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll => moved successfully. Processes closed successfully. EmptyTemp: => 309.5 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 02:59:05 ==== C:\AdwCleaner\Quarantine\C\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\replay.media.catcher.5.0.0.99-MPT.exe.vir a variant of Win32/HackTool.Patcher.AD potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir a variant of Win32/Techsnab.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss supporter\Assistant_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe.vir a variant of Win32/Techsnab.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll.vir a variant of Win32/Techsnab.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe.vir a variant of Win32/Techsnab.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll.vir a variant of Win32/Techsnab.A potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\GetPrivate\gp_upd.exe.vir a variant of Win32/Techsnab.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\jggar@xptwae.org\content\bg.js.vir Win32/Adware.MultiPlug.EK application C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\yea426uu@dhprfe.net\content\bg.js.vir Win32/Adware.MultiPlug.EK application C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\SearchProtection.exe.vir a variant of Win32/Toolbar.Widgi.J potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\Uninstall.exe.vir a variant of Win32/Toolbar.Widgi.J potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Update Manager\UM.exe.vir a variant of Win32/Toolbar.Widgi.U potentially unwanted application C:\AdwCleaner\Quarantine\C\Util\uTorrent.exe.vir a variant of Win32/Bunndle potentially unsafe application C:\FRST\Quarantine\C\Program Files (x86)\DVDFab 9\BRD.dll a variant of Win32/Packed.VMProtect.ABO trojan C:\FRST\Quarantine\C\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll Win32/InstalleRex.M potentially unwanted application C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js Win32/Adware.MultiPlug.EB application C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js Win32/Adware.MultiPlug.EB application C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js Win32/Adware.MultiPlug.EB application C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js Win32/Adware.MultiPlug.EB application C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js Win32/Adware.MultiPlug.EB application C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js Win32/Adware.MultiPlug.EB application C:\FRST\Quarantine\E\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe.xBAD Win32/OpenCandy potentially unsafe application C:\FRST\Quarantine\H\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\FRST\Quarantine\H\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe.xBAD Win32/OpenCandy potentially unsafe application C:\FRST\Quarantine\H\dwld\FreeVideoCapture_CNET.exe.xBAD a variant of Win32/Tsingsoft.A potentially unwanted application C:\FRST\Quarantine\H\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application

Sorry for the delay. Eset took a very long time as I have large amount of disks. I could not find: DISH Anywhere Video Player Installer (x32 Version: 0.0.0.188 - Sling Media) Hidden but was able to uninstall the other 2. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/15/2015 Scan Time: 9:14 AM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.07.15.05 Rootkit Database: v2015.07.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: mark Scan Type: Threat Scan Result: Completed Objects Scanned: 643571 Time Elapsed: 13 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b967cc1db6773c489dfde017f688ab02 # end=init # utc_time=2015-07-15 04:39:51 # local_time=2015-07-15 09:39:51 (-0800, Pacific Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24812 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b967cc1db6773c489dfde017f688ab02 # end=updated # utc_time=2015-07-15 04:43:38 # local_time=2015-07-15 09:43:38 (-0800, Pacific Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=b967cc1db6773c489dfde017f688ab02 # engine=24812 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-07-16 04:05:34 # local_time=2015-07-15 09:05:34 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 62645967 188562984 0 0 # scanned=1194323 # found=50 # cleaned=0 # scan_time=40915 sh=CEAAA6689E7192AA2292B16599047975DB4C1E60 ft=1 fh=39ea1816af158d56 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\replay.media.catcher.5.0.0.99-MPT.exe.vir" sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="a variant of Win32/Techsnab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir" sh=2C5AA90350EA9A8FA0391A0EADE7C6C136A58A2C ft=1 fh=c71c00112c474a2d vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss supporter\Assistant_x64.dll.vir" sh=A6326480D436E7A81C9F88773AF076F892533C54 ft=1 fh=7ea23495ccc6880c vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe.vir" sh=44B4BFBB97F949B7906D8331018D44A58D563526 ft=1 fh=eadef1625f8507bb vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll.vir" sh=4ABF7F5415FECF1DDB30956F1CF0A21006DDC693 ft=1 fh=e834c045009faf5f vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe.vir" sh=CB014C39FC72708E313BDC8DDA9144E3DA7DE68C ft=1 fh=524063ddb00bdfac vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll.vir" sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir" sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="a variant of Win32/Techsnab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\GetPrivate\gp_upd.exe.vir" sh=3B91A3145B7D5AA3581AC812A02257BE572862E9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\jggar@xptwae.org\content\bg.js.vir" sh=F1A4C9A54D6C13F00D7E2F571E1A1CFD394781E3 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\yea426uu@dhprfe.net\content\bg.js.vir" sh=BE50CDDCFCC95639534033BFBF01A8305FA43B2A ft=1 fh=791567f6b933959d vn="a variant of Win32/Toolbar.Widgi.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\SearchProtection.exe.vir" sh=D7949BB2C4538A60B9F7DE5CE0F304FF726CBFFF ft=1 fh=c095e1f088b7bb3e vn="a variant of Win32/Toolbar.Widgi.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\Uninstall.exe.vir" sh=F85A41D270C5153524ABF2AC1F1F9678D709199F ft=1 fh=00b4d39371a2559f vn="a variant of Win32/Toolbar.Widgi.U potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Update Manager\UM.exe.vir" sh=D2408C8A09A2BD9704AF39F818EC7AC9E9CCA46E ft=1 fh=08d2b982dc66508e vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Util\uTorrent.exe.vir" sh=236E9B77218EA4F4C41D071C4851FD60D7B98843 ft=1 fh=876d10472c82787a vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="C:\Program Files (x86)\DVDFab 9\BRD.dll" sh=1A3B1DAF00298FC46BB75BF9D17960C4EEAC0925 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll" sh=1A3B1DAF00298FC46BB75BF9D17960C4EEAC0925 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll" sh=C47FC5BB2593A3811A3584EE27ED9FEA75921950 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js" sh=F3AC6DAA4E6A9D932652F08F39D5B48715D094BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js" sh=50DC84207F6DB0CD7616DD7627E4F479D3B38474 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js" sh=C47FC5BB2593A3811A3584EE27ED9FEA75921950 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js" sh=F3AC6DAA4E6A9D932652F08F39D5B48715D094BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js" sh=50DC84207F6DB0CD7616DD7627E4F479D3B38474 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js" sh=E57E473126A14C01D21F82BDF311D9850650ED0E ft=1 fh=0ae8027449f7283d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe" sh=13D4D95B639E1879C40A384A178987A3A159330A ft=1 fh=8580574a11020f17 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll" sh=E57E473126A14C01D21F82BDF311D9850650ED0E ft=1 fh=0ae8027449f7283d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe" sh=1F8AB4681581BA4A31DD06CAFE417CE53945680B ft=1 fh=d10192e685f1b13a vn="a variant of Win32/Tsingsoft.A potentially unwanted application" ac=I fn="H:\dwld\FreeVideoCapture_CNET.exe" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="${Memory}"

Thanks. Done. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by mark (administrator) on MYPC on 14-07-2015 09:51:07 Running from C:\Users\mark\Desktop Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe () I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd.) C:\Windows\V0230Mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files\pia_manager\pia_manager.exe (Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd.) C:\Windows\V0230Mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrE243.tmp\bin\rubyw.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe () C:\Program Files\pia_manager\pia_manager.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr6C3.tmp\bin\rubyw.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files\pia_manager\pia_tray\pia_tray.exe () C:\Program Files\pia_manager\openvpn.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_191_ActiveX.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis) HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] () HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis) HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink) HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.) HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1 HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20] ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe () ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0 HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL = SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL = SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation) BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058 Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510 FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.) FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC) FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01] FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25] FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15] CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10] CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30] CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis) R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed] R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.) S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd) S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd) S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd) S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd) S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.) S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd) S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis) R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.) R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.) U3 at4srv7k; C:\Windows\System32\Drivers\at4srv7k.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder) S3 COMMONFX.DLL; system32\COMMONFX.DLL [X] S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X] S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X] S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X] S3 lmimirr; system32\DRIVERS\lmimirr.sys [X] S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-14 09:47 - 2015-07-14 09:47 - 00262144 _____ C:\Windows\Minidump\071415-18735-01.dmp 2015-07-12 13:00 - 2015-07-12 13:00 - 00002956 _____ C:\Users\mark\Desktop\aswMBR.txt 2015-07-12 13:00 - 2015-07-12 13:00 - 00000512 _____ C:\Users\mark\Desktop\MBR.dat 2015-07-12 10:05 - 2015-07-12 10:05 - 05200384 _____ (AVAST Software) C:\Users\mark\Desktop\aswmbr.exe 2015-07-11 10:08 - 2015-07-14 09:43 - 00000000 ____D C:\Users\mark\Desktop\FRST-OlderVersion 2015-07-09 12:04 - 2015-07-09 12:04 - 00000000 ____D C:\Users\mark\AppData\Roaming\32040 2015-07-08 18:26 - 2015-07-14 09:45 - 00028833 _____ C:\Users\mark\Desktop\Addition.txt 2015-07-08 18:24 - 2015-07-14 09:51 - 00036490 _____ C:\Users\mark\Desktop\FRST.txt 2015-07-08 18:23 - 2015-07-14 09:51 - 00000000 ____D C:\FRST 2015-07-08 18:23 - 2015-07-14 09:43 - 02133504 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe 2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp 2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp 2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library 2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566 2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp 2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-14 09:50 - 2013-06-22 10:24 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-07-14 09:50 - 2013-06-01 13:04 - 00000000 ____D C:\ProgramData\Adobe 2015-07-14 09:49 - 2013-06-22 10:26 - 00000000 ____D C:\Program Files\Adobe 2015-07-14 09:49 - 2013-05-25 13:34 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-14 09:48 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation 2015-07-14 09:48 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-14 09:47 - 2015-05-24 09:24 - 999228359 _____ C:\Windows\MEMORY.DMP 2015-07-14 09:47 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump 2015-07-14 09:47 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox 2015-07-14 09:47 - 2013-05-31 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-14 09:47 - 2010-11-20 20:47 - 00328546 _____ C:\Windows\PFRO.log 2015-07-14 09:47 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-14 09:47 - 2009-07-13 21:51 - 00001395 _____ C:\Windows\setupact.log 2015-07-14 09:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-14 09:22 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-14 08:55 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-07-14 08:32 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-14 07:46 - 2013-04-29 20:02 - 01965622 _____ C:\Windows\WindowsUpdate.log 2015-07-14 04:28 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-14 04:28 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-14 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job 2015-07-14 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe 2015-07-11 16:41 - 2013-07-18 17:04 - 00007604 _____ C:\Users\mark\AppData\Local\Resmon.ResmonCfg 2015-07-11 13:50 - 2015-05-15 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag 2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner 2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk 2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9 2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk 2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark 2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList 2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList 2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList 2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken ==================== Files in the root of some directories ======= 2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss 2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents 2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor 2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-18 17:04 - 2015-07-11 16:41 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg 2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib 2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log 2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services 2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine 2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer 2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT 2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT Some files in TEMP: ==================== C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe C:\Users\mark\AppData\Local\Temp\CheckLang.dll C:\Users\mark\AppData\Local\Temp\COMAP.EXE C:\Users\mark\AppData\Local\Temp\CtRunApp.dll C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcq4yrf.dll C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\mark\AppData\Local\Temp\lowproc.exe C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE C:\Users\mark\AppData\Local\Temp\namebench.exe C:\Users\mark\AppData\Local\Temp\ose00000.exe C:\Users\mark\AppData\Local\Temp\ose00003.exe C:\Users\mark\AppData\Local\Temp\PidGenX.dll C:\Users\mark\AppData\Local\Temp\post1.exe C:\Users\mark\AppData\Local\Temp\post2.dll C:\Users\mark\AppData\Local\Temp\post2.exe C:\Users\mark\AppData\Local\Temp\python27.dll C:\Users\mark\AppData\Local\Temp\Quarantine.exe C:\Users\mark\AppData\Local\Temp\RunApp.dll C:\Users\mark\AppData\Local\Temp\SCC.dll C:\Users\mark\AppData\Local\Temp\setup.exe C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe C:\Users\mark\AppData\Local\Temp\sqlite3.dll C:\Users\mark\AppData\Local\Temp\stubhelper.dll C:\Users\mark\AppData\Local\Temp\SymCCIS.dll C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\mark\AppData\Local\Temp\tcl85.dll C:\Users\mark\AppData\Local\Temp\tk85.dll C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe C:\Users\mark\AppData\Local\Temp\vsdel.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-03 13:23 ==================== End of log ============================ Addition.txt

Hi Psychotic, Can you tell me which program you believe is cracked? I will uninstall it. I uninstalled FileZilla which I had downloaded from a questionable website. Hopefully, that was it.

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software Run date: 2015-07-12 10:05:22 ----------------------------- 10:05:22.754 OS Version: Windows x64 6.1.7601 Service Pack 1 10:05:22.754 Number of processors: 4 586 0xF0B 10:05:22.756 ComputerName: MYPC UserName: mark 10:05:23.588 Initialize success 10:05:25.052 VM: initialized successfully 10:05:25.066 VM: Intel CPU supported 10:05:42.151 VM: disk I/O atapi.sys 10:15:23.586 AVAST engine defs: 15071201 10:16:29.532 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 10:16:29.536 Disk 0 Vendor: ST3500630AS 3.AAK Size: 476938MB BusType: 3 10:16:29.540 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5 10:16:29.545 Disk 1 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3 10:16:29.550 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2 10:16:29.558 Disk 2 Vendor: Hitachi_HDS5C3020ALA632 ML6OA580 Size: 1907729MB BusType: 3 10:16:29.563 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP7T0L0-d 10:16:29.570 Disk 3 Vendor: OCZ-AGILITY3 2.25 Size: 228936MB BusType: 11 10:16:29.578 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\JRAID1Port8Path0Target0Lun0 10:16:29.584 Disk 4 Vendor: WDC_____ 080. Size: 2861588MB BusType: 8 10:16:29.910 Disk 3 MBR read successfully 10:16:29.917 Disk 3 MBR scan 10:16:29.965 Disk 3 Windows 7 default MBR code 10:16:29.973 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 10:16:29.980 Disk 3 Boot: NTFS code=1 10:16:30.015 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 228834 MB offset 206848 10:16:30.084 Disk 3 scanning C:\Windows\system32\drivers 10:16:46.892 Service scanning 10:17:14.359 Modules scanning 10:17:14.370 Disk 3 trace - called modules: 10:17:14.379 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80068df2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 10:17:14.386 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8006c95060] 10:17:14.391 3 CLASSPNP.SYS[fffff880017ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP7T0L0-d[0xfffffa8006a2e060] 10:17:14.401 \Driver\atapi[0xfffffa80069cddb0] -> IRP_MJ_CREATE -> 0xfffffa80068df2c0 10:17:14.921 AVAST engine scan C:\Windows 10:17:16.948 AVAST engine scan C:\Windows\system32 10:21:24.172 AVAST engine scan C:\Windows\system32\drivers 10:21:50.917 AVAST engine scan C:\Users\mark 11:35:28.784 File: C:\Users\mark\AppData\Local\Temp\post1.exe **INFECTED** Win32:Adware-CHW [Adw] 11:54:09.686 AVAST engine scan C:\ProgramData 12:01:26.371 Disk 3 statistics 7347378/0/0 @ 1.09 MB/s 12:01:26.383 Scan finished successfully 13:00:26.832 Disk 3 MBR has been saved successfully to "C:\Users\mark\Desktop\MBR.dat" 13:00:26.877 The log file has been saved successfully to "C:\Users\mark\Desktop\aswMBR.txt"

My browsers especially IE appear to be very sluggish. I started to disable unknown add-ons and noticed three add-on that are enabled and do not allow me to disable them. Specifically. AdBlockerWaitchu, YoutubeAdblocker, and greaatsaaver. I looked around and found these are malware but couldn't find a method that would remove them. Additionally, my DishAnywhere video is now intermittent. It will play and then eventually black screen. I believe adobe flashplayer may be used for the dishplayer app. I uninstalled and reinstalled both to no avail. Please help. Below are my logs. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015 Ran by mark (administrator) on MYPC on 11-07-2015 10:24:51 Running from C:\Users\mark\Desktop Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe (Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe () I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Program Files\pia_manager\pia_manager.exe (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd.) C:\Windows\V0230Mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr8DDD.tmp\bin\rubyw.exe () C:\Program Files\pia_manager\pia_manager.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrBD26.tmp\bin\rubyw.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files\pia_manager\pia_tray\pia_tray.exe (Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Collectorz.com) C:\Program Files (x86)\Collectorz.com\Movie Collector\MovieCollector.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (WinZip Computing, Inc.) H:\util\WinZip\WINZIP32.EXE (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (jdobbs softworks) C:\Program Files (x86)\BD_Rebuilder\BDRB.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe (LIGHTNING UK!) I:\Program Files (x86)\ImgBurn\ImgBurn.exe (FengTao Software Inc.) C:\Program Files (x86)\DVDFab 9\DVDFab.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\pia_manager\openvpn.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\splwow64.exe () C:\Program Files (x86)\Calibre2\calibre.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis) HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] () HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis) HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink) HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.) HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe [623792 2015-06-23] (Adobe Systems Incorporated) HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1 HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd) HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20] ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe () Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-07] ShortcutTarget: Dropbox.lnk -> C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0 HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL = SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL = SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation) BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058 Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510 FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.) FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC) FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01] FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25] FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15] CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10] CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30] CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis) R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed] R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.) S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd) S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd) S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd) S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd) S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.) S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd) S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis) R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.) R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.) U3 aotfswux; C:\Windows\System32\Drivers\aotfswux.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder) S3 COMMONFX.DLL; system32\COMMONFX.DLL [X] S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X] S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X] S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X] S3 lmimirr; system32\DRIVERS\lmimirr.sys [X] S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-11 10:08 - 2015-07-11 10:08 - 00000000 ____D C:\Users\mark\Desktop\FRST-OlderVersion 2015-07-09 12:04 - 2015-07-09 12:04 - 00000000 ____D C:\Users\mark\AppData\Roaming\32040 2015-07-08 18:26 - 2015-07-08 18:52 - 00083697 _____ C:\Users\mark\Desktop\Addition.txt 2015-07-08 18:24 - 2015-07-11 10:24 - 00038997 _____ C:\Users\mark\Desktop\FRST.txt 2015-07-08 18:23 - 2015-07-11 10:25 - 00000000 ____D C:\FRST 2015-07-08 18:23 - 2015-07-11 10:08 - 02130944 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe 2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp 2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp 2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library 2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566 2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp 2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp 2015-06-13 16:23 - 2015-06-13 16:23 - 00000842 _____ C:\Users\Public\Desktop\Synology Assistant.lnk 2015-06-13 16:23 - 2015-06-13 16:23 - 00000000 ____D C:\ProgramData\Synology 2015-06-13 11:30 - 2015-06-13 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-11 10:22 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-11 09:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-11 08:12 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-11 08:12 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-11 04:09 - 2013-04-29 20:02 - 01516969 _____ C:\Windows\WindowsUpdate.log 2015-07-11 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job 2015-07-11 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe 2015-07-10 19:40 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-07 16:34 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-07 13:09 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox 2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-04 10:00 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-07-02 11:51 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation 2015-07-02 11:42 - 2015-05-24 09:24 - 923971712 _____ C:\Windows\MEMORY.DMP 2015-07-02 11:42 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump 2015-07-02 11:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-02 11:42 - 2009-07-13 21:51 - 00001339 _____ C:\Windows\setupact.log 2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag 2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner 2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk 2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9 2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk 2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark 2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList 2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList 2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList 2015-06-16 10:41 - 2010-11-20 20:47 - 00325966 _____ C:\Windows\PFRO.log 2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken 2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology 2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\Program Files (x86)\Synology 2015-06-13 12:26 - 2015-06-10 07:21 - 00001908 _____ C:\Windows\diagwrn.xml 2015-06-13 12:26 - 2015-06-10 07:21 - 00001908 _____ C:\Windows\diagerr.xml 2015-06-13 12:26 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log 2015-06-11 03:03 - 2013-06-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-11 03:02 - 2013-12-04 19:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 ==================== Files in the root of some directories ======= 2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss 2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents 2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor 2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-18 17:04 - 2013-07-18 17:04 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg 2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib 2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log 2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services 2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine 2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer 2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT 2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT Some files in TEMP: ==================== C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe C:\Users\mark\AppData\Local\Temp\CheckLang.dll C:\Users\mark\AppData\Local\Temp\COMAP.EXE C:\Users\mark\AppData\Local\Temp\CtRunApp.dll C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxkyxep.dll C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\mark\AppData\Local\Temp\lowproc.exe C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE C:\Users\mark\AppData\Local\Temp\namebench.exe C:\Users\mark\AppData\Local\Temp\ose00000.exe C:\Users\mark\AppData\Local\Temp\ose00003.exe C:\Users\mark\AppData\Local\Temp\PidGenX.dll C:\Users\mark\AppData\Local\Temp\post1.exe C:\Users\mark\AppData\Local\Temp\post2.dll C:\Users\mark\AppData\Local\Temp\post2.exe C:\Users\mark\AppData\Local\Temp\python27.dll C:\Users\mark\AppData\Local\Temp\Quarantine.exe C:\Users\mark\AppData\Local\Temp\RunApp.dll C:\Users\mark\AppData\Local\Temp\SCC.dll C:\Users\mark\AppData\Local\Temp\setup.exe C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe C:\Users\mark\AppData\Local\Temp\sqlite3.dll C:\Users\mark\AppData\Local\Temp\stubhelper.dll C:\Users\mark\AppData\Local\Temp\SymCCIS.dll C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\mark\AppData\Local\Temp\tcl85.dll C:\Users\mark\AppData\Local\Temp\tk85.dll C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe C:\Users\mark\AppData\Local\Temp\vsdel.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-03 13:23 ==================== End of log ============================ Addition.txt